Devices for making purchases without the necessity of cash are known. Such devices range from pre-loaded debit cards (e.g., farecards on public transportation systems) to credit cards. While such devices are similar in some regards, they differ in others. The devices are similar in that they are typically constructed of plastic with a magnetic stripe on one side or the other. They differ in that a farecard is altered during use while a credit card is not.
The farecard is altered during use in that a numerical value (e.g., a dollar value or a number of bus rides) stored on the card is changed during use. Each time that the card is used a value indicative of the value of the use is subtracted from the value stored on the farecard and a new, lesser value is stored on the farecard in place of the original value.
A credit card, instead of storing a numerical suggestion of value on the magnetic stripe of the credit card, provides a promise of future payment of an incurred debt from an authorized user of the credit card. Such devices are also typically constructed of plastic with a visually readable indicia of origin (i.e., VISA, MASTERCARD, etc.) and a magnetic strip. The magnetic strip typically contains an account number of the authorized user of the card. The magnetic strip may also contain a personal identification number (PIN) of the authorized user.
To use a credit card a user simply presents the card to a vendor as an indication of a request for credit. The vendor may simply run the card through an imprinter and ask the user to sign the imprint or the vendor may, in addition, call an issuing financial institution for an authorization number. In many cases, no attempt is made to verify that the user is, in fact, an authorized user.
Where the credit card is also used as a cash station card, an additional requirement of use may be that the user enter his personal PIN number. However, since the PIN number was already present within the magnetic strip of the credit card and since a person with a card reader and the facilities to decode the magnetic strip may also be able to decode the authorized user's PIN number, the additional requirement of the entry of a PIN number is not a very effective means of preventing fraud.
Smartcards are also known. Smartcards attempt to solve the problem of storing PIN numbers on credit cards by encrypting the PIN number with other numbers such as a public key and/or a time of day and month. Further, an account number of an authorized user may also be encrypted with the same or a different public key as a further deterrent to decryption by an unauthorized user.
Upon receiving a smartcard, a cardreader of a vendor may first read an unencrypted name of an issuing credit card company followed by an encrypted account number of an account of the authorized user and PIN number. A modem interconnected with the vendor's card reader uses the unencrypted name of the issuing credit card company to establish a data link with the issuing credit card company. The modem then transmits the encrypted information to the issuing credit card company which then, using its own version of the public key, decodes the received information.
Upon decoding the received information, the issuing credit card company may authorized the transaction based upon the decoded information or may request that the credit card user enter his PIN number through an associated keyboard. If the issuing credit card company authorizes the sale, the issuing credit card company may transmit an authorization number back to the vendor's modem authorizing the sale.
If the issuing credit card company, as an additional security feature, should also request that the user enter his PIN number, the user would enter his PIN number which the issuing credit card company would then compare with the decoded PIN number and either authorize or decline the transaction. In entering his PIN number through the keyboard of the vendor (or at a cash station) the user risks disclosure of the PIN number to the vendor or nearby onlookers. If the user should forget his card upon leaving the vendor's place of business, or should be later pick-pocketed by an onlooker of the transaction, the security offered by the card may be completely compromised.
Credit cards in general have become an indispensable part of the world economy. Because of the importance of credit or other cashless transactions a need exists for a method of accomplishing such transactions without the risk of publicly disclosing confidential information such as PIN number that are otherwise used to protect credit accounts.